The ongoing battle between technology firms and government intelligence agencies has taken another twist with the discovery of sophisticated spyware for the Apple iPhone.
The exploit code, dubbed Trident, is alleged to originated from a Middle East government and could have turned the iPhone of a human rights activist into a spyware device with just one click.
The human right activist in question is Ahmed Mansoor who is based in the United Arab Emirates (UAE).
According to Citizen Lab researchers in Canada, Mansoor received a SMS message on his iPhone. The message contained a link that promised “new secrets” about detainees tortured in UAE jails, if he clicked on it.
But Mansoor was rightly suspicious and instead sent the messages to Citizen Lab researchers, who “recognised the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product.”
The exploit chain has been called ‘Trident’, and once it had infected Mansoor’s iPhone, it would have turned the Apple device into a digital spy in his pocket, by utilising his camera and microphone.
The spyware would have also recorded his WhatsApp and Viber calls, logged messages sent in mobile chat apps, and tracked his movements, said the Citizen Lab researchers.
“We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find,” the Citizen Lab researchers said.
Once both sets of researchers discovered the iOS zero-days, they immediately notified Apple and sharing their findings.
Apple of course has of course previously refused to allow law enforcement surveillance attempts on its products, and it responded quickly. Apple rushed out the iOS 9.3.5 patch to block the Trident exploit chain.
This patch “closes the vulnerabilities that the NSO Group appears to have exploited and sold to remotely compromise iPhones,” said the Citizen Lab researchers.
“The going price for Pegasus was roughly $8 million for 300 licenses, so it’s not likely to be used against an average mobile device user, only targets that can be considered of high value,” wrote Lookout.
“The Pegasus attack starts with an SMS phishing attack using spoofed sender numbers and anonymised domains to deliver malware to the target’s iPhone,” said Lookout. “The target’s phone is remotely jailbroken and immediately starts compromising the target’s digital life. Calls, texts, calendar and contacts are all copied and sent to the attacker. The software is capable of activating a phone’s cameras and microphone to snoop on conversations around the device. It can also track a victim’s movements and steal messages from end-to-end encrypted chat clients.”
Apple iPhone users are being urged to apply the patch as soon as possible.
“Apple just released iOS 9.3.5, the latest security update for iDevice users,” wrote Paul Ducklin on Sophos’ Naked Security blog.
“We suggest you apply this update as soon as you can,” he wrote. “Ironically, iOS 9.3.4 came out just three weeks ago, and that update also seems to have been hurried out to close a hole that was ostensibly being used for jailbreaking.
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…